single script blog/messaging
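<?php
// Bootstrap for the single-file blog: table names, database handle, output
// buffering, session start and schema creation.
//
// Deployment notes:
//  - "./blog.db" is created next to this script. If that directory is served
//    by the web server, the file (user names, password hashes, live session
//    ids) can be fetched directly; keep it outside the document root or deny
//    access to it in the server configuration.
//  - The users.sess column stores the PHP session id and is the only proof of
//    login, so the session cookie is hardened below before the session starts.
const usertab = "users";
const posttab = "posts";

try {
    // SQLite3::__construct() throws on failure instead of returning a falsy
    // value, so the failure path has to be a catch rather than an if(!$db).
    $db = new SQLite3("./blog.db", SQLITE3_OPEN_READWRITE | SQLITE3_OPEN_CREATE);
} catch (Exception $e) {
    die("error db");
}

// Buffer output so that header() calls further down still work after echo.
ob_start();

// Session cookie hardening. ini_set() returns false without a warning on PHP
// versions that do not know a setting, so older runtimes are unaffected.
ini_set("session.use_strict_mode", "1");  // reject session ids the server did not issue
ini_set("session.cookie_httponly", "1");  // keep the id out of reach of page script
ini_set("session.cookie_samesite", "Lax"); // do not send the cookie on cross-site POSTs
session_start();
$sid = session_id();

header("x-author: mert akengin, put your custom header(s) here");
// Action handlers answer in plain text; the page render switches to text/html.
header("content-type: text/plain");

$db->exec("create table if not exists ".usertab." ("
    ."id integer primary key,"
    ."name text not null unique,"
    ."pass text not null,"
    ."sess text"
    .");") or die("error while creating users' table\n");

$db->exec("create table if not exists ".posttab." ("
    ."id integer primary key,"
    ."content text not null,"
    ."author integer not null,"
    ."time integer not null"
    .");") or die("error while creating posts' table\n");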
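/**
 * In-memory copy of one row of the users table.
 *
 * Properties are left untyped and public because sql_array_to_obj() fills
 * them dynamically from a "select *" result.
 */
class User {
    // const dummy;
    public $id = null;
    public $name = null;
    public $pass = null;
    public $sess = null;

    /**
     * Creates an empty user, or one with a name and a hashed password.
     *
     * @param string|null $name account name; omit for an empty object
     * @param string|null $pass clear-text password, hashed by setPass()
     */
    function __construct($name = null, $pass = null) {
        $this->name = $name;
        if ($name !== null && $pass !== null) {
            // Must be a method call: a bare setPass() resolves to a global
            // function that does not exist and aborts the request.
            $this->setPass($pass);
        }
    }

    /**
     * Tells whether $session equals the stored session id.
     *
     * Returns false when either side is not a string, so an account with no
     * session (null) never matches a missing or null argument.
     *
     * @param mixed $session candidate session id
     * @return bool
     */
    function checkSession($session) {
        return is_string($session)
            && is_string($this->sess)
            && hash_equals($this->sess, $session); // constant-time comparison
    }

    /**
     * Tells whether $pass equals the stored password value.
     *
     * The argument is compared verbatim with $this->pass, so callers are
     * expected to pass the value in the same form setPass() stores it.
     *
     * @param mixed $pass candidate value
     * @return bool
     */
    function checkPass($pass) {
        return is_string($pass)
            && is_string($this->pass)
            && hash_equals($this->pass, $pass); // constant-time comparison
    }

    /**
     * Stores the session id that marks this user as logged in.
     *
     * @param string|null $session
     */
    function setSession($session) {
        $this->sess = $session;
    }

    /**
     * Stores the hash of "name:pass" for this user.
     *
     * NOTE(review): md5 is a fast, unsalted digest and is not suitable for
     * password storage. It is kept here only so the value stays comparable
     * with rows already in the users table; moving to password_hash() and
     * password_verify() also requires changing every place that builds or
     * compares this value.
     *
     * @param string $pass clear-text password
     */
    function setPass($pass) {
        // The name comes from the object; a bare $name is an undefined local.
        $this->pass = md5($this->name.":".$pass);
    }
}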
/**
 * Common exit path for every request: closes the global SQLite handle,
 * sends whatever the output buffer holds and ends the script with status 0.
 */
function _finish()
{
    // Same handle the rest of the script reaches through "global $db".
    $GLOBALS["db"]->close();
    ob_end_flush();
    exit(0);
}
/**
 * Copies every key/value pair of a result row onto an object as properties.
 *
 * A falsy $arr (false, null, empty array) leaves the object untouched.
 * Property names are taken from the array keys as they are, so the caller
 * decides which columns can end up on the object.
 *
 * @param object $obj target object, modified in place
 * @param mixed  $arr associative row, or a falsy value for "no row"
 */
function sql_array_to_obj(&$obj, $arr)
{
    if ($arr) {
        foreach ($arr as $column => $value) {
            $obj->{$column} = $value;
        }
    }
}
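// Current visitor; stays empty (id === null) unless the session lookup below
// finds a matching row.
$usr = new User();

// First-run seeding of an "admin" account.
// NOTE(review): the password is the publicly known value "admin" and the row
// is recreated whenever no user named admin exists. Change the password (or
// remove this seeding) before the script is reachable by anyone else.
if(!$db->querySingle("select id from ".usertab." where name = 'admin';"))
    $db->exec("insert into ".usertab." values(null,'admin','".md5("admin:admin")."',null);");

// The session id originates from the client's cookie, so it is bound as a
// parameter instead of being spliced into the SQL text.
$lookup = $db->prepare("select * from ".usertab." where sess = :sess;");
if ($lookup !== false) {
    $lookup->bindValue(":sess", $sid, SQLITE3_TEXT);
    $match = $lookup->execute();
    // fetchArray() yields false when no row matches; sql_array_to_obj()
    // treats any falsy value as "leave the object empty".
    sql_array_to_obj($usr, $match ? $match->fetchArray(SQLITE3_ASSOC) : false);
}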
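// Action dispatcher: ?action=login|logout|join|post|passwd.
//
// Every handler ends through _finish() except "passwd", which is a stub and
// falls through to the page render. Messages echoed here are sent with the
// content type that is in effect when the dispatcher runs.
//
// NOTE(review): none of these state-changing actions checks an anti-CSRF
// token, and logout is reachable with a plain GET link. Adding a token needs
// a matching hidden field in the forms, which are outside this block.
if (isset($_GET["action"])) {
    // Reads one POST field as a string; missing fields and array-valued
    // fields (usr[]=x) become "" instead of reaching string functions.
    $field = function ($key) {
        return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : "";
    };
    // Runs one statement with bound parameters. Returns the SQLite3Result,
    // or false when preparing or executing fails.
    $run = function ($sql, array $params = []) use ($db) {
        $stmt = $db->prepare($sql);
        if ($stmt === false) {
            return false;
        }
        foreach ($params as $placeholder => $value) {
            $stmt->bindValue($placeholder, $value, is_int($value) ? SQLITE3_INTEGER : SQLITE3_TEXT);
        }
        return $stmt->execute();
    };

    switch ($_GET["action"]) {
        case "login":
            $name = $field("usr");
            $pwd = $field("pwd");
            $found = $run("select id, pass from ".usertab." where name = :name;", [":name" => $name]);
            $account = $found ? $found->fetchArray(SQLITE3_ASSOC) : false;
            $authenticated = false;
            if ($account) {
                $stored = (string) $account["pass"];
                if (password_verify($pwd, $stored)) {
                    $authenticated = true;
                } elseif (hash_equals($stored, md5($name.":".$pwd))) {
                    // Row still holds the old md5(name:pass) value: accept it
                    // once and replace it with a salted password_hash() value.
                    $authenticated = true;
                    $run("update ".usertab." set pass = :pass where id = :id;", [
                        ":pass" => password_hash($pwd, PASSWORD_DEFAULT),
                        ":id" => intval($account["id"]),
                    ]);
                }
            }
            if ($authenticated) {
                // Issue a fresh session id at the privilege change so an id
                // known before login cannot be reused afterwards.
                session_regenerate_id(true);
                $sid = session_id();
                $run("update ".usertab." set sess = :sess where id = :id;", [
                    ":sess" => $sid,
                    ":id" => intval($account["id"]),
                ]);
            }
            header("location: ?");
            _finish();
            break;

        case "logout":
            if (!$usr->id) {
                echo ("you need to get in before able to get out smartass\n");
                _finish();
            }
            $run("update ".usertab." set sess = null where id = :id;", [":id" => intval($usr->id)]);
            // Fixed local target: the Referer header is client-supplied and
            // may be absent, so it is not used as a redirect destination.
            header("location: ?");
            _finish();
            break;

        case "join":
            if ($usr->id) {
                echo ("you need to get out before able to get in smartass\n");
                _finish();
            }
            $name = $field("usr");
            $pwd = $field("pwd");
            if ($name === "" || $pwd === "") {
                echo ("error, username and password are required\n");
                _finish();
            }
            // New account is logged in immediately, so it gets a fresh id too.
            session_regenerate_id(true);
            $sid = session_id();
            $run("insert into ".usertab." values(null, :name, :pass, :sess);", [
                ":name" => $name,
                ":pass" => password_hash($pwd, PASSWORD_DEFAULT),
                ":sess" => $sid,
            ]) or die("error, possibly the user already exists!\n");
            header("location: ?");
            _finish();
            break;

        case "post":
            if (!$usr->id) {
                echo ("where are you going without an account!\n");
                _finish();
            }
            // Content is stored as typed; it is escaped where it is printed.
            $run("insert into ".posttab." values(null, :content, :author, :time);", [
                ":content" => $field("content"),
                ":author" => intval($usr->id),
                ":time" => time(),
            ]);
            header("location: ?");
            _finish();
            break;

        case "passwd":
            // Not implemented; continues to the normal page render.
            break;

        default:
            echo ("not implemented\n");
            _finish();
            break;
    }
    // handle post
}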
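// Page render. Everything that comes out of the database and was typed by a
// user (account names, post content) is HTML-escaped at the point of output.
header("content-type: text/html");
?>
<html>
<head>
<title>A n00b blog system</title>
<meta charset="utf-8" />
</head>
<body>
<?php if(!$usr->id) { ?>
<h3>Login:</h3>
<datalist id=users >
<?php
// NOTE(review): this list shows every logged-out account name to anonymous
// visitors; drop the datalist if account names should not be enumerable.
$users = $db->query("select name from ".usertab." where sess is null;") or die("error getting users");
while($u = $users->fetchArray(SQLITE3_NUM))
    // Names are chosen at registration, so they are escaped for use inside a
    // single-quoted attribute (ENT_QUOTES covers both quote characters).
    echo "<option value='".htmlspecialchars((string) $u[0], ENT_QUOTES, "UTF-8")."' />\n";
?>
</datalist>
<form method=POST action="?action=login">
username: <input type=text name=usr list=users />
password: <input type=password name=pwd />
<br><input type=submit value="login" />
</form>
<hr>
<h3>Register:</h3>
<form method=POST action="?action=join">
username: <input type=text name=usr />
password: <input type=password name=pwd />
<br><input type=submit value="register" />
</form>
<?php }else{ ?>
<?php
// Name of the logged-in account, escaped like any other stored name.
echo htmlspecialchars(
    (string) $db->querySingle("select name from users where id = '".intval($usr->id)."';"),
    ENT_QUOTES,
    "UTF-8"
);
?>
<a href="?action=logout">logout</a>
<hr>
<form method=POST action="?action=post">
<textarea name="content"
placeholder="type new post" onkeypress="post(event,this)" autofocus ></textarea>
<br><input type=submit value="post" />
</form>
<?php
//header("refresh: 10");
// Newest post first; one extra query per post resolves the author's name.
$posts = $db->query("select * from posts order by id desc;");
while($x = $posts->fetchArray(SQLITE3_ASSOC)) {
    echo "<div class=post >\n";
    echo "<div class=auth >\n";
    echo htmlspecialchars(
        (string) $db->querySingle("select name from users where id = '".intval($x["author"])."';"),
        ENT_QUOTES,
        "UTF-8"
    );
    echo " said on ".date("Y-m-d H:i:s",intval($x["time"])).":</div>\n"; // author section end
    echo htmlentities($x["content"], ENT_QUOTES, "UTF-8");
    echo "</div>\n"; // post section end
    echo "<hr>\n";
}
?>
<?php } ?>
<script>
window.onload = function() {
    console.log("ok");
};
// Submits the surrounding form on Alt+Enter or Ctrl+Enter in the textarea.
function post(event,element) {
    if(event.keyCode === 13 && (event.altKey || event.ctrlKey))
        element.parentNode.submit();
    //console.log(event,[element]);
    return;
}
</script>
</body>
</html>
<?php
_finish();
?>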